What is CVE-2026-54557?

CVE-2026-54557 is a medium-severity vulnerability in Jdx Mise, classified under Path Traversal. CVSS score: 5.5/10. Published 2026-06-26.

How severe is CVE-2026-54557?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Path Traversal in Jdx Mise

CVE-2026-54557

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the…

Vulnerability class: Path Traversal (Directory Traversal)

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N.

Affected products

Jdx Mise — versions < 2026.6.1

Weakness classification (CWE)

CWE-22 — Path Traversal

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-54557?: CVE-2026-54557 is a medium-severity vulnerability in Jdx Mise, classified under Path Traversal. CVSS score: 5.5/10. Published 2026-06-26.
How severe is CVE-2026-54557?: Medium severity. CVSS v3 base score is 5.5 out of 10.